- 34,599
- 0
- 18 Дек 2022
- EDB-ID
- 24763
- Проверка EDB
-
- Пройдено
- Автор
- JOUKO PYNNONEN
- Тип уязвимости
- DOS
- Платформа
- MULTIPLE
- CVE
- cve-2004-1029
- Дата публикации
- 2004-11-22
Sun Java Runtime Environment 1.x Java Plugin - JavaScript Security Restriction Bypass
Код:
source: https://www.securityfocus.com/bid/11726/info
A vulnerability is reported to exist in the access controls of the Java to JavaScript data exchange within web browsers that employ the Sun Java Plug-in. Reports indicate that it is possible for a malicious website that contains JavaScript code to exploit this vulnerability to load a dangerous Java class and to pass this class to an invoked applet.
[script language=javascript]
var c=document.applets[0].getClass().forName('sun.text.Utility');
alert('got Class object: '+c)
[/script]- Источник
- www.exploit-db.com
